
Cybersecurity Headlines: Energy strategy, scammer accord, font-rendering attack
Mar 18, 2026
Discussion of the Energy Department’s new grid-focused cyber strategy and public-private defensive AI plans. Tech companies forming an accord to share fraud tools and improve user reporting. A font-rendering trick that hides malicious commands from LLMs using custom fonts and CSS. Coverage of new malware loaders, state-linked intrusions, sanctions, and monitoring center expansion.
AI Snips
DOE Cyber Strategy Will Lean On Public-Private Partnerships
- The Department of Energy will publish a strategic plan focused on protecting the energy grid from cyber attacks and supplementing the national cybersecurity strategy.
- Alex Fitzsimmons says it will lean on public-private partnerships and investments in defensive AI as adversaries increasingly use AI offensively.
Follow The Voluntary Scammer Information Sharing Accord
- Tech companies signed a voluntary online services accord to share scam information, deploy fraud detection tools, and create clear reporting mechanisms for users.
- Signatories include Google, Microsoft, Meta, Amazon, OpenAI, Adobe, and Match Group, but the accord has no enforcement mechanism.
Font Remapping Lets Malicious Commands Hide In Plain Sight
- LayerX demonstrated an attack that uses custom font remapping and CSS so HTML scanned by LLMs appears meaningless while the rendered page shows malicious commands.
- The technique bypassed most major models, and vendors mostly labeled it social engineering; only Microsoft addressed it.
